GHSA-jj46-9cgh-qmfx: Mattermost Improper Access Control vulnerability

Mattermost fails to check whether Hardened Mode is enabled when the username and/or the icon is overridden on a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post, even if the Hardened Mode setting was enabled.

CVE-2023-47865

Moderate severity • GitHub Reviewed • Published Nov 27, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

Package

gomod github.com/mattermost/mattermost-server/v6 (Go)

Affected versions

< 7.8.13

gomod github.com/mattermost/mattermost/server/v8 (Go)

Published to the GitHub Advisory Database: Nov 27, 2023

Last updated: Nov 28, 2023
